new: [transform] added separate Event to * transforms

and a massive cleanup in the code

setup.py

@@ -5,7 +5,7 @@ from setuptools import setup, find_packages
 setup(
     name='MISP_maltego',
     author='Christophe Vandeplas',
-    version='1.1',
+    version='1.3',
     author_email='christophe@vandeplas.com',
     maintainer='Christophe Vandeplas',
     url='https://github.com/MISP/MISP-maltego',

src/MISP_maltego/transforms/eventtoattributes.py

@@ -17,91 +17,141 @@ __email__ = 'christophe@vandeplas.com'
 __status__ = 'Development'
 
 
-# @EnableDebugWindow
+class EventToTransform(Transform):
-class EventToTags(Transform):
+    input_type = None
-    """"Expands an object to its attributes"""
+    """Generic EventTo class containing multiple reusable functions for the subclasses."""
-    input_type = MISPEvent
+
-    description = 'Expands an Event with tags'
+    def __init__(self):
+        self.request = None
+        self.response = None
+        self.config = None
+        self.misp = None
+        self.event_json = None
+        self.event_tags = None
 
     def do_transform(self, request, response, config):
+        self.request = request
+        self.response = response
+        self.config = config
         maltego_misp_event = request.entity
-        misp = get_misp_connection(config)
+        self.misp = get_misp_connection(config)
-        event_json = misp.get_event(maltego_misp_event.id)
+        self.event_json = self.misp.get_event(maltego_misp_event.id)  # FIXME get it without attachments # FIXME use search + includeAttachments:0, eventid: as request body
-        event_tags = []
+        if not self.event_json.get('Event'):
+            return False
 
-        if 'Tag' in event_json['Event']:
+        self.response += event_to_entity(self.event_json)
-            for t in event_json['Event']['Tag']:
+        return True
-                event_tags.append(t['name'])
+
+    def gen_response_tags(self, gen_response=True):
+        self.event_tags = []
+        if 'Tag' in self.event_json['Event']:
+            for t in self.event_json['Event']['Tag']:
+                self.event_tags.append(t['name'])
                 # ignore all misp-galaxies
                 if t['name'].startswith('misp-galaxy'):
                     continue
                 # ignore all those we add as notes
                 if tag_matches_note_prefix(t['name']):
                     continue
-                response += Hashtag(t['name'])
+                if gen_response:
-        for g in event_json['Event']['Galaxy']:
+                    self.response += Hashtag(t['name'])
+
+    def gen_response_galaxies(self):
+        for g in self.event_json['Event']['Galaxy']:
             for c in g['GalaxyCluster']:
-                response += galaxycluster_to_entity(c)
+                self.response += galaxycluster_to_entity(c)
-        return response
 
-
+    def gen_response_attributes(self):
-# @EnableDebugWindow
+        if not self.event_tags:
-class EventToAttributes(Transform):
+            self.gen_response_tags(gen_response=False)
-    """Expands an event to attributes, objects, tags and galaxies."""
+        for a in self.event_json['Event']["Attribute"]:
-
+            for entity in attribute_to_entity(a, event_tags=self.event_tags):
-    # The transform input entity type.
-    input_type = MISPEvent
-    description = 'Expands an Event to Attributes, Tags, Galaxies'
-
-    def do_transform(self, request, response, config):
-        maltego_misp_event = request.entity
-        misp = get_misp_connection(config)
-        event_json = misp.get_event(maltego_misp_event.id)  # FIXME get it without attachments # FIXME use search + includeAttachments:0, eventid: as request body
-        if not event_json.get('Event'):
-            return response
-
-        response += event_to_entity(event_json)
-        event_tags = []
-        if 'Tag' in event_json['Event']:
-            for t in event_json['Event']['Tag']:
-                event_tags.append(t['name'])
-                # ignore all misp-galaxies
-                if t['name'].startswith('misp-galaxy'):
-                    continue
-                # ignore all those we add as notes
-                if tag_matches_note_prefix(t['name']):
-                    continue
-                response += Hashtag(t['name'])
-        for g in event_json['Event']['Galaxy']:
-            for c in g['GalaxyCluster']:
-                response += galaxycluster_to_entity(c)
-
-        for a in event_json['Event']["Attribute"]:
-            for entity in attribute_to_entity(a, event_tags=event_tags):
                 if entity:
-                    response += entity
+                    self.response += entity
 
-        for o in event_json['Event']['Object']:
+    def gen_response_objects(self):
-            response += object_to_entity(o)
+        for o in self.event_json['Event']['Object']:
-        return response
+            self.response += object_to_entity(o)
+
+    def gen_response_relations(self):
+        for e in self.event_json['Event']['RelatedEvent']:
+            self.response += event_to_entity(e, link_style=LinkStyle.DashDot)
 
 
 # @EnableDebugWindow
-class EventToRelations(Transform):
+class EventToAll(EventToTransform):
+    input_type = MISPEvent
+    description = 'Expands an Event to Attributes, Objects, Tags, Galaxies'
+
+    def do_transform(self, request, response, config):
+        if super().do_transform(request, response, config):
+            self.gen_response_tags()
+            self.gen_response_galaxies()
+            self.gen_response_attributes()
+            self.gen_response_objects()
+
+        return self.response
+
+
+# @EnableDebugWindow
+class EventToAttributes(EventToTransform):
+    input_type = MISPEvent
+    description = 'Expands an Event to Attributes'
+
+    def do_transform(self, request, response, config):
+        if super().do_transform(request, response, config):
+            self.gen_response_attributes()
+
+        return self.response
+
+
+# @EnableDebugWindow
+class EventToTags(EventToTransform):
+    input_type = MISPEvent
+    description = 'Expands an Event to Tags and Galaxies'
+
+    def do_transform(self, request, response, config):
+        if super().do_transform(request, response, config):
+            self.gen_response_tags()
+            self.gen_response_galaxies()
+
+        return self.response
+
+
+# @EnableDebugWindow
+class EventToGalaxies(EventToTransform):
+    input_type = MISPEvent
+    description = 'Expands an Event to Galaxies'
+
+    def do_transform(self, request, response, config):
+        if super().do_transform(request, response, config):
+            self.gen_response_galaxies()
+
+        return self.response
+
+
+# @EnableDebugWindow
+class EventToObjects(EventToTransform):
+    input_type = MISPEvent
+    description = 'Expands an Event to Objects'
+
+    def do_transform(self, request, response, config):
+        if super().do_transform(request, response, config):
+            self.gen_response_objects()
+
+        return self.response
+
+
+# @EnableDebugWindow
+class EventToRelations(EventToTransform):
     input_type = MISPEvent
     description = 'Expands an Event to related Events'
 
     def do_transform(self, request, response, config):
-        maltego_misp_event = request.entity
+        if super().do_transform(request, response, config):
-        misp = get_misp_connection(config)
+            self.gen_response_relations()
-        event_json = misp.get_event(maltego_misp_event.id)  # FIXME get it without attachments # FIXME use search + includeAttachments:0, eventid: as request body
-        if not event_json.get('Event'):
-            return response
 
-        response += event_to_entity(event_json)
+        return self.response
-        for e in event_json['Event']['RelatedEvent']:
-            response += event_to_entity(e, link_style=LinkStyle.DashDot)
-        return response
 
 
 # @EnableDebugWindow
@@ -121,4 +171,3 @@ class ObjectToAttributes(Transform):
                         response += entity
 
         return response
-